#ifndef _LINUX_XFRM_H
#define _LINUX_XFRM_H

#include <linux/types.h>

/*
 * Userspace-visible definitions for the XFRM netlink configuration
 * interface: address and identifier types, selectors, lifetimes,
 * algorithm descriptors, and the netlink message, attribute and
 * multicast-group numbers.
 *
 * All of the structures in this file may not change size as they are
 * passed into the kernel from userspace via netlink sockets.
 *
 * NOTE(review): because every structure here crosses the user/kernel
 * boundary, two things matter to anyone producing or consuming them:
 *  - several structures end in (or contain) compiler-inserted padding;
 *    zero the whole object before filling it so padding bytes do not
 *    carry stale memory to the other side;
 *  - length, count and index fields are supplied by the sender and
 *    must be validated against the real netlink attribute length
 *    before they are used.
 */

/* Structure to encapsulate addresses. I do not want to use
 * "standard" structure. My apologies.
 *
 * a4 overlays the first word of a6, so the union is always 16 bytes
 * (four __be32) regardless of which member is in use.  The union does
 * not record which member is valid; structures that embed it carry a
 * separate family field for that.
 */
typedef union
{
	__be32 a4;
	__be32 a6[4];
} xfrm_address_t;

/* Ident of a specific xfrm_state. It is used on input to lookup
 * the state by (spi,daddr,ah/esp) or to store information about
 * spi, protocol and tunnel address on output.
 *
 * On ABIs where __be32 is 4-byte aligned, the 21 bytes of members are
 * followed by 3 bytes of padding.
 */
struct xfrm_id
{
	xfrm_address_t daddr;
	__be32 spi;
	__u8 proto;
};

/*
 * Security context header followed by a variable-length string.
 * ctx_str is a zero-length trailing array, so sizeof() covers only the
 * fixed header.
 * NOTE(review): presumably ctx_len is the byte length of ctx_str --
 * confirm; a receiver must check it against the space actually
 * available before reading ctx_str.
 */
struct xfrm_sec_ctx {
	__u8 ctx_doi;	/* one of XFRM_SC_DOI_* */
	__u8 ctx_alg;	/* one of XFRM_SC_ALG_* */
	__u16 ctx_len;
	__u32 ctx_sid;
	char ctx_str[0];
};

/* Security Context Domains of Interpretation */
#define XFRM_SC_DOI_RESERVED 0
#define XFRM_SC_DOI_LSM 1

/* Security Context Algorithms */
#define XFRM_SC_ALG_RESERVED 0
#define XFRM_SC_ALG_SELINUX 1

/* Selector, used as selector both on policy rules (SPD) and SAs. */

struct xfrm_selector
{
	xfrm_address_t daddr;
	xfrm_address_t saddr;
	__be16 dport;
	__be16 dport_mask;
	__be16 sport;
	__be16 sport_mask;
	__u16 family;	/* tells which member of daddr/saddr applies */
	__u8 prefixlen_d;
	__u8 prefixlen_s;
	__u8 proto;
	int ifindex;
	uid_t user;
};

/* All-ones 64-bit value; presumably the "no limit" setting for the
 * lifetime fields below -- confirm against the consumer. */
#define XFRM_INF (~(__u64)0)

/* Configured soft/hard limits, in bytes, packets and seconds. */
struct xfrm_lifetime_cfg
{
	__u64 soft_byte_limit;
	__u64 hard_byte_limit;
	__u64 soft_packet_limit;
	__u64 hard_packet_limit;
	__u64 soft_add_expires_seconds;
	__u64 hard_add_expires_seconds;
	__u64 soft_use_expires_seconds;
	__u64 hard_use_expires_seconds;
};

/* Current usage counters matching the limits in xfrm_lifetime_cfg. */
struct xfrm_lifetime_cur
{
	__u64 bytes;
	__u64 packets;
	__u64 add_time;
	__u64 use_time;
};

/*
 * Sequence-number state for replay handling.
 * NOTE(review): bitmap is a single __u32, so it can represent at most
 * 32 positions; presumably a replay_window larger than that cannot be
 * tracked with this structure -- confirm against the consumer.
 */
struct xfrm_replay_state
{
	__u32 oseq;
	__u32 seq;
	__u32 bitmap;
};

/*
 * Algorithm descriptor followed by key material.
 * alg_key is a zero-length trailing array; the key occupies
 * alg_key_len bits, i.e. alg_key_len rounded up to whole bytes.
 * NOTE(review): a receiver must check that the attribute payload is
 * large enough for that many key bytes before touching alg_key, and
 * must not assume alg_name is NUL-terminated -- the layout only fixes
 * its size at 64 bytes.
 */
struct xfrm_algo {
	char alg_name[64];
	unsigned int alg_key_len; /* in bits */
	char alg_key[0];
};

/*
 * AEAD variant of xfrm_algo: adds the ICV length.  The same caveats on
 * alg_name termination and on validating alg_key_len against the
 * attribute payload apply.
 */
struct xfrm_algo_aead {
	char alg_name[64];
	unsigned int alg_key_len; /* in bits */
	unsigned int alg_icv_len; /* in bits */
	char alg_key[0];
};

/* Per-state error counters. */
struct xfrm_stats {
	__u32 replay_window;
	__u32 replay;
	__u32 integrity_failed;
};

/* Policy types.  XFRM_POLICY_TYPE_MAX is the number of real types
 * (MAIN and SUB); XFRM_POLICY_TYPE_ANY is a separate value, 255. */
enum
{
	XFRM_POLICY_TYPE_MAIN = 0,
	XFRM_POLICY_TYPE_SUB = 1,
	XFRM_POLICY_TYPE_MAX = 2,
	XFRM_POLICY_TYPE_ANY = 255
};

/* Policy directions.  XFRM_POLICY_MAX is 3, one past XFRM_POLICY_FWD.
 * NOTE(review): a dir value taken from a netlink message should be
 * range-checked against XFRM_POLICY_MAX before it is used to index
 * anything. */
enum
{
	XFRM_POLICY_IN = 0,
	XFRM_POLICY_OUT = 1,
	XFRM_POLICY_FWD = 2,
	XFRM_POLICY_MASK = 3,
	XFRM_POLICY_MAX = 3
};

/* Sharing modes (see the share fields below). */
enum
{
	XFRM_SHARE_ANY,		/* No limitations */
	XFRM_SHARE_SESSION,	/* For this session only */
	XFRM_SHARE_USER,	/* For this user only */
	XFRM_SHARE_UNIQUE	/* Use once */
};

/* Values for the mode fields; XFRM_MODE_MAX is the number of modes. */
#define XFRM_MODE_TRANSPORT 0
#define XFRM_MODE_TUNNEL 1
#define XFRM_MODE_ROUTEOPTIMIZATION 2
#define XFRM_MODE_IN_TRIGGER 3
#define XFRM_MODE_BEET 4
#define XFRM_MODE_MAX 5

/* Netlink configuration messages.
 *
 * Numbering starts at XFRM_MSG_BASE (0x10) and each following
 * enumerator takes the next value.  Every enumerator is also defined
 * as a macro expanding to itself, presumably so that users can test
 * for a message type with #ifdef.
 */
enum {
	XFRM_MSG_BASE = 0x10,

	XFRM_MSG_NEWSA = 0x10,
#define XFRM_MSG_NEWSA XFRM_MSG_NEWSA
	XFRM_MSG_DELSA,
#define XFRM_MSG_DELSA XFRM_MSG_DELSA
	XFRM_MSG_GETSA,
#define XFRM_MSG_GETSA XFRM_MSG_GETSA

	XFRM_MSG_NEWPOLICY,
#define XFRM_MSG_NEWPOLICY XFRM_MSG_NEWPOLICY
	XFRM_MSG_DELPOLICY,
#define XFRM_MSG_DELPOLICY XFRM_MSG_DELPOLICY
	XFRM_MSG_GETPOLICY,
#define XFRM_MSG_GETPOLICY XFRM_MSG_GETPOLICY

	XFRM_MSG_ALLOCSPI,
#define XFRM_MSG_ALLOCSPI XFRM_MSG_ALLOCSPI
	XFRM_MSG_ACQUIRE,
#define XFRM_MSG_ACQUIRE XFRM_MSG_ACQUIRE
	XFRM_MSG_EXPIRE,
#define XFRM_MSG_EXPIRE XFRM_MSG_EXPIRE

	XFRM_MSG_UPDPOLICY,
#define XFRM_MSG_UPDPOLICY XFRM_MSG_UPDPOLICY
	XFRM_MSG_UPDSA,
#define XFRM_MSG_UPDSA XFRM_MSG_UPDSA

	XFRM_MSG_POLEXPIRE,
#define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE

	XFRM_MSG_FLUSHSA,
#define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA
	XFRM_MSG_FLUSHPOLICY,
#define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY

	XFRM_MSG_NEWAE,
#define XFRM_MSG_NEWAE XFRM_MSG_NEWAE
	XFRM_MSG_GETAE,
#define XFRM_MSG_GETAE XFRM_MSG_GETAE

	XFRM_MSG_REPORT,
#define XFRM_MSG_REPORT XFRM_MSG_REPORT

	XFRM_MSG_MIGRATE,
#define XFRM_MSG_MIGRATE XFRM_MSG_MIGRATE

	XFRM_MSG_NEWSADINFO,
#define XFRM_MSG_NEWSADINFO XFRM_MSG_NEWSADINFO
	XFRM_MSG_GETSADINFO,
#define XFRM_MSG_GETSADINFO XFRM_MSG_GETSADINFO

	XFRM_MSG_NEWSPDINFO,
#define XFRM_MSG_NEWSPDINFO XFRM_MSG_NEWSPDINFO
	XFRM_MSG_GETSPDINFO,
#define XFRM_MSG_GETSPDINFO XFRM_MSG_GETSPDINFO
	__XFRM_MSG_MAX
};
/* Highest valid message type (the last real enumerator). */
#define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)

/* Number of message types, i.e. the size of a table indexed by
 * (type - XFRM_MSG_BASE).  NOTE(review): check that type lies in
 * [XFRM_MSG_BASE, XFRM_MSG_MAX] before computing such an index. */
#define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)

/*
 * Generic LSM security context for communicating to user space
 * NOTE: Same format as sadb_x_sec_ctx
 *
 * NOTE(review): presumably len covers this header plus the context
 * string that follows and ctx_len the string alone -- confirm.  Both
 * are sender-supplied and must be checked against the real attribute
 * length before the string is read.
 */
struct xfrm_user_sec_ctx {
	__u16 len;
	__u16 exttype;
	__u8 ctx_alg; /* LSMs: e.g., selinux == 1 */
	__u8 ctx_doi;
	__u16 ctx_len;
};

/* Template entry; XFRMA_TMPL carries one or more of these. */
struct xfrm_user_tmpl {
	struct xfrm_id id;
	__u16 family;
	xfrm_address_t saddr;
	__u32 reqid;
	__u8 mode;
	__u8 share;
	__u8 optional;
	__u32 aalgos;
	__u32 ealgos;
	__u32 calgos;
};

/* Encapsulation parameters: type, source/destination port and an
 * address (encap_oa). */
struct xfrm_encap_tmpl {
	__u16 encap_type;
	__be16 encap_sport;
	__be16 encap_dport;
	xfrm_address_t encap_oa;
};

/* AEVENT flags
 *
 * The named values are single bits.  __XFRM_AE_MAX follows
 * XFRM_AE_CU and is therefore 65, which makes XFRM_AE_MAX equal to 64:
 * the highest flag, not a mask of all flags.
 */
enum xfrm_ae_ftype_t {
	XFRM_AE_UNSPEC,
	XFRM_AE_RTHR=1, /* replay threshold*/
	XFRM_AE_RVAL=2, /* replay value */
	XFRM_AE_LVAL=4, /* lifetime value */
	XFRM_AE_ETHR=8, /* expiry timer threshold */
	XFRM_AE_CR=16, /* Event cause is replay update */
	XFRM_AE_CE=32, /* Event cause is timer expiry */
	XFRM_AE_CU=64, /* Event cause is policy update */
	__XFRM_AE_MAX

#define XFRM_AE_MAX (__XFRM_AE_MAX - 1)
};

/* Payload of XFRMA_POLICY_TYPE; type is one of XFRM_POLICY_TYPE_*. */
struct xfrm_userpolicy_type {
	__u8 type;
	__u16 reserved1;
	__u8 reserved2;
};

/* Netlink message attributes.
 *
 * The trailing comments name the payload each attribute carries.
 * XFRMA_MAX is the highest valid attribute number.
 */
enum xfrm_attr_type_t {
	XFRMA_UNSPEC,
	XFRMA_ALG_AUTH,		/* struct xfrm_algo */
	XFRMA_ALG_CRYPT,	/* struct xfrm_algo */
	XFRMA_ALG_COMP,		/* struct xfrm_algo */
	XFRMA_ENCAP,		/* struct xfrm_algo + struct xfrm_encap_tmpl */
	XFRMA_TMPL,		/* 1 or more struct xfrm_user_tmpl */
	XFRMA_SA,
	XFRMA_POLICY,
	XFRMA_SEC_CTX,		/* struct xfrm_sec_ctx */
	XFRMA_LTIME_VAL,
	XFRMA_REPLAY_VAL,
	XFRMA_REPLAY_THRESH,
	XFRMA_ETIMER_THRESH,
	XFRMA_SRCADDR,		/* xfrm_address_t */
	XFRMA_COADDR,		/* xfrm_address_t */
	XFRMA_LASTUSED,
	XFRMA_POLICY_TYPE,	/* struct xfrm_userpolicy_type */
	XFRMA_MIGRATE,
	XFRMA_ALG_AEAD,		/* struct xfrm_algo_aead */
	__XFRMA_MAX

#define XFRMA_MAX (__XFRMA_MAX - 1)
};

/* Attribute numbers with the XFRMA_SAD_ prefix; XFRMA_SAD_MAX is the
 * highest valid one. */
enum xfrm_sadattr_type_t {
	XFRMA_SAD_UNSPEC,
	XFRMA_SAD_CNT,
	XFRMA_SAD_HINFO,
	__XFRMA_SAD_MAX

#define XFRMA_SAD_MAX (__XFRMA_SAD_MAX - 1)
};

/* Hash-bucket counts; presumably the payload of XFRMA_SAD_HINFO --
 * confirm. */
struct xfrmu_sadhinfo {
	__u32 sadhcnt; /* current hash bkts */
	__u32 sadhmcnt; /* max allowed hash bkts */
};

/* Attribute numbers with the XFRMA_SPD_ prefix; XFRMA_SPD_MAX is the
 * highest valid one. */
enum xfrm_spdattr_type_t {
	XFRMA_SPD_UNSPEC,
	XFRMA_SPD_INFO,
	XFRMA_SPD_HINFO,
	__XFRMA_SPD_MAX

#define XFRMA_SPD_MAX (__XFRMA_SPD_MAX - 1)
};

/* Six counters; presumably policy counts per direction (in/out/fwd),
 * with the *scnt fields a second set per direction -- confirm. */
struct xfrmu_spdinfo {
	__u32 incnt;
	__u32 outcnt;
	__u32 fwdcnt;
	__u32 inscnt;
	__u32 outscnt;
	__u32 fwdscnt;
};

/* Two counters; presumably current and maximum hash buckets, by
 * analogy with xfrmu_sadhinfo -- confirm. */
struct xfrmu_spdhinfo {
	__u32 spdhcnt;
	__u32 spdhmcnt;
};

/*
 * Full description of one state (SA): selector, identifier, source
 * address, lifetimes, counters and mode/flags.  The XFRM_STATE_*
 * macros below are the bit values for the flags field.
 * NOTE(review): replay_window is only 8 bits wide here, while
 * xfrm_replay_state.bitmap is 32 bits; presumably values above 32
 * need rejecting or separate handling -- confirm against the consumer.
 */
struct xfrm_usersa_info {
	struct xfrm_selector sel;
	struct xfrm_id id;
	xfrm_address_t saddr;
	struct xfrm_lifetime_cfg lft;
	struct xfrm_lifetime_cur curlft;
	struct xfrm_stats stats;
	__u32 seq;
	__u32 reqid;
	__u16 family;
	__u8 mode; /* XFRM_MODE_xxx */
	__u8 replay_window;
	__u8 flags;
#define XFRM_STATE_NOECN 1
#define XFRM_STATE_DECAP_DSCP 2
#define XFRM_STATE_NOPMTUDISC 4
#define XFRM_STATE_WILDRECV 8
#define XFRM_STATE_ICMP 16
#define XFRM_STATE_AF_UNSPEC 32
};

/* Compact state identifier: destination address, SPI, address family
 * and protocol. */
struct xfrm_usersa_id {
	xfrm_address_t daddr;
	__be32 spi;
	__u16 family;
	__u8 proto;
};

/* Identifies the state an async event refers to; flags presumably
 * holds XFRM_AE_* bits -- confirm. */
struct xfrm_aevent_id {
	struct xfrm_usersa_id sa_id;
	xfrm_address_t saddr;
	__u32 flags;
	__u32 reqid;
};

/*
 * State description plus a min/max pair.
 * NOTE(review): presumably the SPI range for XFRM_MSG_ALLOCSPI; a
 * receiver should reject min > max -- confirm against the consumer.
 */
struct xfrm_userspi_info {
	struct xfrm_usersa_info info;
	__u32 min;
	__u32 max;
};

/*
 * Full description of one policy.  The macros defined between the
 * fields give the values for the field just above them: action is
 * XFRM_POLICY_ALLOW or XFRM_POLICY_BLOCK, flags is a bit set of
 * XFRM_POLICY_LOCALOK and XFRM_POLICY_ICMP.
 * NOTE(review): dir and action arrive from userspace; validate dir
 * against XFRM_POLICY_MAX and treat any action other than the two
 * defined values as an error rather than defaulting to allow.
 */
struct xfrm_userpolicy_info {
	struct xfrm_selector sel;
	struct xfrm_lifetime_cfg lft;
	struct xfrm_lifetime_cur curlft;
	__u32 priority;
	__u32 index;
	__u8 dir;
	__u8 action;
#define XFRM_POLICY_ALLOW 0
#define XFRM_POLICY_BLOCK 1
	__u8 flags;
#define XFRM_POLICY_LOCALOK 1 /* Allow user to override global policy */
	/* Automatically expand selector to include matching ICMP payloads. */
#define XFRM_POLICY_ICMP 2
	__u8 share;
};

/* Compact policy identifier: selector, index and direction. */
struct xfrm_userpolicy_id {
	struct xfrm_selector sel;
	__u32 index;
	__u8 dir;
};

/* Body of an acquire message: identifier, source address, selector,
 * the policy concerned and three algorithm words (aalgos, ealgos,
 * calgos). */
struct xfrm_user_acquire {
	struct xfrm_id id;
	xfrm_address_t saddr;
	struct xfrm_selector sel;
	struct xfrm_userpolicy_info policy;
	__u32 aalgos;
	__u32 ealgos;
	__u32 calgos;
	__u32 seq;
};

/* State expiry notification; hard presumably distinguishes a hard
 * from a soft limit -- confirm. */
struct xfrm_user_expire {
	struct xfrm_usersa_info state;
	__u8 hard;
};

/* Policy expiry notification; same shape as xfrm_user_expire. */
struct xfrm_user_polexpire {
	struct xfrm_userpolicy_info pol;
	__u8 hard;
};

/* Body of a flush request: only the protocol. */
struct xfrm_usersa_flush {
	__u8 proto;
};

/* Body of a report message: protocol and selector. */
struct xfrm_user_report {
	__u8 proto;
	struct xfrm_selector sel;
};

/* Old and new address pairs for a migrate request.  The union does
 * not say which member is valid, so old_family/new_family must be
 * consulted (and validated) before the addresses are interpreted. */
struct xfrm_user_migrate {
	xfrm_address_t old_daddr;
	xfrm_address_t old_saddr;
	xfrm_address_t new_daddr;
	xfrm_address_t new_saddr;
	__u8 proto;
	__u8 mode;
	__u16 reserved;
	__u32 reqid;
	__u16 old_family;
	__u16 new_family;
};

/* backwards compatibility for userspace
 *
 * These are bit-mask values; each equals 1 << (n - 1) for the
 * XFRMNLGRP_* number n of the same name below.
 */
#define XFRMGRP_ACQUIRE 1
#define XFRMGRP_EXPIRE 2
#define XFRMGRP_SA 4
#define XFRMGRP_POLICY 8
#define XFRMGRP_REPORT 0x20

/* Netlink multicast group numbers.  Each enumerator is also defined
 * as a macro expanding to itself. */
enum xfrm_nlgroups {
	XFRMNLGRP_NONE,
#define XFRMNLGRP_NONE XFRMNLGRP_NONE
	XFRMNLGRP_ACQUIRE,
#define XFRMNLGRP_ACQUIRE XFRMNLGRP_ACQUIRE
	XFRMNLGRP_EXPIRE,
#define XFRMNLGRP_EXPIRE XFRMNLGRP_EXPIRE
	XFRMNLGRP_SA,
#define XFRMNLGRP_SA XFRMNLGRP_SA
	XFRMNLGRP_POLICY,
#define XFRMNLGRP_POLICY XFRMNLGRP_POLICY
	XFRMNLGRP_AEVENTS,
#define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS
	XFRMNLGRP_REPORT,
#define XFRMNLGRP_REPORT XFRMNLGRP_REPORT
	XFRMNLGRP_MIGRATE,
#define XFRMNLGRP_MIGRATE XFRMNLGRP_MIGRATE
	__XFRMNLGRP_MAX
};
/* Highest valid group number. */
#define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1)

#endif /* _LINUX_XFRM_H */